Remove meta.ports and meta.domains modules

modules/system/services/caddy.nix

@@ -95,7 +95,7 @@ in
           message = "Each caddy virtual host must set exactly one of `port` or `files`";
         };
 
-        meta.ports.tcp = [ cfg.metricsPort ];
+        networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist webPorts;
 
         services.caddy = {
           enable = true;
@@ -111,11 +111,6 @@ in
         custom.persistence.directories = [ "/var/lib/caddy" ];
       }
 
-      (lib.mkIf publicHostsExist {
-        meta.ports.tcp = webPorts;
-        networking.firewall.allowedTCPPorts = webPorts;
-      })
-
       (lib.mkIf privateHostsExist {
         sops.secrets = {
           "porkbun/api-key".owner = config.users.users.acme.name;

modules/system/services/crowdsec/default.nix

@@ -38,11 +38,6 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    meta.ports.tcp = [
-      cfg.apiPort
-      cfg.prometheusPort
-    ];
-
     sops.secrets."crowdsec/enrollment-key" = {
       owner = user;
       restartUnits = [ "crowdsec.service" ];

modules/system/services/dns.nix

@@ -12,11 +12,6 @@ in
   options.custom.services.dns.enable = lib.mkEnableOption "";
 
   config = lib.mkIf cfg.enable {
-    # meta.ports = {
-    #   tcp = [ 53 ];
-    #   udp = [ 53 ];
-    # };
-
     services = {
       unbound = {
         enable = true;
@@ -39,7 +34,9 @@ in
                   |> lib.attrValues
                   |> lib.concatMap (
                     host:
-                    host.config.meta.domains.local
+                    host.config.custom.services.caddy.virtualHosts
+                    |> lib.attrValues
+                    |> lib.map (vHost: vHost.domain)
                     |> lib.filter (domain: self.lib.isPrivateDomain domain)
                     |> lib.map (domain: "\"${domain}. A ${host.config.custom.networking.overlay.address}\"")
                   );

modules/system/services/nebula/default.nix

@@ -38,8 +38,6 @@ in
       systemdUnit = "nebula@mesh.service";
     };
 
-    meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
-
     sops.secrets."nebula/host-key" = {
       owner = config.users.users.nebula-mesh.name;
       restartUnits = [ "nebula@mesh.service" ];

modules/system/services/resolved.nix

@@ -1,22 +1,10 @@
 { config, lib, ... }:
-let
-  ports = [
-    53
-    5353
-    5355
-  ];
-in
 {
   options.custom.services.resolved.enable = lib.mkEnableOption "" // {
     default = config.systemd.network.enable;
   };
 
   config = lib.mkIf config.custom.services.resolved.enable {
-    meta.ports = {
-      tcp = ports;
-      udp = ports;
-    };
-
     services.resolved = {
       enable = true;
       dnssec = "allow-downgrade";

modules/system/services/sshd.nix

@@ -12,8 +12,6 @@ in
   options.custom.services.sshd.enable = lib.mkEnableOption "";
 
   config = lib.mkIf cfg.enable {
-    meta.ports.tcp = [ 22 ];
-
     services = {
       openssh = {
         enable = true;

modules/system/services/syncthing.nix

@@ -61,17 +61,6 @@ in
       }
     ];
 
-    meta = {
-      domains.local = lib.mkIf (cfg.gui.domain != null) [ cfg.gui.domain ];
-      ports = {
-        tcp = [
-          cfg.syncPort
-          cfg.gui.port
-        ];
-        udp = [ cfg.syncPort ];
-      };
-    };
-
     sops.secrets = lib.mkIf useSopsSecrets {
       "syncthing/cert" = {
         owner = config.services.syncthing.user;